Skip to content

Commit 6a4844b

Browse files
author
jenkins-metasploit
committed
automatic module_metadata_base.json update
1 parent 9bd8590 commit 6a4844b

File tree

1 file changed

+65
-0
lines changed

1 file changed

+65
-0
lines changed

db/modules_metadata_base.json

Lines changed: 65 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -103339,6 +103339,71 @@
103339103339
"session_types": false,
103340103340
"needs_cleanup": true
103341103341
},
103342+
"exploit_multi/http/cleo_rce_cve_2024_55956": {
103343+
"name": "Cleo LexiCom, VLTrader, and Harmony Unauthenticated Remote Code Execution",
103344+
"fullname": "exploit/multi/http/cleo_rce_cve_2024_55956",
103345+
"aliases": [
103346+
103347+
],
103348+
"rank": 600,
103349+
"disclosure_date": "2024-12-09",
103350+
"type": "exploit",
103351+
"author": [
103352+
"sfewer-r7",
103353+
"remmons-r7"
103354+
],
103355+
"description": "This module exploits an unauthenticated file write vulnerability in Cleo LexiCom, VLTrader, and Harmony\n versions 5.8.0.23 and below.",
103356+
"references": [
103357+
"CVE-2024-55956",
103358+
"URL-https://support.cleo.com/hc/en-us/articles/28408134019735-Cleo-Product-Security-Update-CVE-2024-55956",
103359+
"URL-https://attackerkb.com/topics/geR0H8dgrE/cve-2024-55956/rapid7-analysis",
103360+
"URL-https://www.rapid7.com/blog/post/2024/12/10/etr-widespread-exploitation-of-cleo-file-transfer-software-cve-2024-50623/",
103361+
"URL-https://www.huntress.com/blog/threat-advisory-oh-no-cleo-cleo-software-actively-being-exploited-in-the-wild"
103362+
],
103363+
"platform": "Java,Linux,Unix,Windows",
103364+
"arch": "java, cmd",
103365+
"rport": 5080,
103366+
"autofilter_ports": [
103367+
80,
103368+
8080,
103369+
443,
103370+
8000,
103371+
8888,
103372+
8880,
103373+
8008,
103374+
3000,
103375+
8443
103376+
],
103377+
"autofilter_services": [
103378+
"http",
103379+
"https"
103380+
],
103381+
"targets": [
103382+
"Java",
103383+
"Windows Command",
103384+
"Linux Command"
103385+
],
103386+
"mod_time": "2025-01-09 11:43:58 +0000",
103387+
"path": "/modules/exploits/multi/http/cleo_rce_cve_2024_55956.rb",
103388+
"is_install_path": true,
103389+
"ref_name": "multi/http/cleo_rce_cve_2024_55956",
103390+
"check": true,
103391+
"post_auth": false,
103392+
"default_credential": false,
103393+
"notes": {
103394+
"Stability": [
103395+
"crash-safe"
103396+
],
103397+
"Reliability": [
103398+
"repeatable-session"
103399+
],
103400+
"SideEffects": [
103401+
"ioc-in-logs"
103402+
]
103403+
},
103404+
"session_types": false,
103405+
"needs_cleanup": true
103406+
},
103342103407
"exploit_multi/http/clinic_pms_fileupload_rce": {
103343103408
"name": "Clinic's Patient Management System 1.0 - Unauthenticated RCE",
103344103409
"fullname": "exploit/multi/http/clinic_pms_fileupload_rce",

0 commit comments

Comments
 (0)